Cryptology ePrint Archive: Report 2002/035

Tripartite Authenticated Key Agreement Protocols from Pairings

Sattam S. Al-Riyami and Kenneth G. Paterson

Abstract: Joux's protocol is a one round, tripartite key
agreement protocol that is more bandwidth-efficient than any
previous three-party key agreement protocol. But it is insecure,
suffering from a simple man-in-the-middle attack. This paper shows
how to make Joux's protocol secure, presenting several tripartite,
authenticated key agreement protocols that still require only one
round of communication. A pass-optimal authenticated and key
confirmed tripartite protocol that generalises the
station-to-station protocol is also presented. The security
properties of the new protocols are studied using provable
security methods and heuristic approaches. Applications for the
protocols are also discussed.